From ba554095f1f59f3ca8f8c86b554000132173c50e Mon Sep 17 00:00:00 2001
From: Tommy
Date: Sun, 13 Oct 2024 07:33:28 -0700
Subject: [PATCH] Add X-Permitted-Cross-Domain-Policies

Signed-off-by: Tommy
---
 etc/nginx/snippets/security.conf | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/etc/nginx/snippets/security.conf b/etc/nginx/snippets/security.conf
index bf92784..e3e0a1b 100644
--- a/etc/nginx/snippets/security.conf
+++ b/etc/nginx/snippets/security.conf
@@ -13,6 +13,9 @@ add_header X-Content-Type-Options "nosniff" always;
 proxy_hide_header X-Frame-Options;
 add_header X-Frame-Options "SAMEORIGIN" always;
+proxy_hide_header X-Permitted-Cross-Domain-Policies;
+add_header X-Permitted-Cross-Domain-Policies "none" always;
+
 # Obsolete and replaced by Content-Security-Policy
 # Only here to pass Hardenize checks
 proxy_hide_header X-XSS-Protection;
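Review bot: The two added directives carry no comment, while the X-XSS-Protection block directly below them explains why it exists; a line above `proxy_hide_header X-Permitted-Cross-Domain-Policies;` such as `# "none": Flash/Acrobat clients must not load any cross-domain policy file (crossdomain.xml) from this origin` would keep the file consistent. It is also worth noting there that nginx inherits `add_header` from the enclosing level only when the current level defines none of its own, so a `server` or `location` that sets its own `add_header` without re-including this snippet will respond without this header and without the others in the file. The include sites are outside this diff, so whether that applies here should be confirmed by checking the response headers of each location once the change is deployed.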